Monday, July 24, 2017

apache 2.2 - How to Check if a SSL Certificate is successfully renewed



I have two web servers, one for an intranet and the other for a website. The system specs of the two are almost the same, which is as follows:



CentOS 6.5
LAMP (Apache/2.2.15) + WordPress, which were installed with yum command




I am trying to renew their wildcard SSL certificate with a new one, which I recently got from GoDaddy. The zip file sent from GoDaddy includes the followings:



c************.crt
gd_bundle-g2-g1.crt
gd_intermediate.crt



The two servers share the same private key (test.key), which I am going to use for the new certificate too. So the 2 steps below is all I did on both servers.



(Step 1)
Copy the three files above to /etc/pki/tls/certs directory and edit the /etc/httpd/conf/httpd.conf so the keys "SSLCertificateFile" and "SSLCertificateChainFile" point to the new respective file. The file looks like below after editting.






SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/c************.crt
SSLCertificateKeyFile /etc/pki/tls/private/test.key
SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle-g2-g1.crt
AllowOverride All
DocumentRoot /var/www/html
ServerName *****.*********.com




(Step 2)
Restart the server



After the steps, I accessed both servers with google chrome and checked to see if the expiration date had changed. The expiration date on the intranet has changed like I had expected.



(before)
Valid from 6/17/2014 to 6/17/2015
(after)
Valid from 5/18/2014 to 6/17/2016



But the date on the website is still the same. Is there any other way to check if the certificate is successfully renewed? Or is there anything wrong about the steps I followed? I did not get any errors when I went through the steps and I am thinking that there might be some more steps I need to do to get a wildcard certificate to work.


Answer




1) Remember - Apache uses either httpd.conf or ssl.conf depending on how Apache was configured - since ssl.conf is preferred make sure the "failing" server is NOT using ssl.conf instead.



2) Have you tried copying the httpd.conf file from the working server to the "failing" server. If everything else is the same, that should make SSL work, if it doesn't everything is NOT the same on the two servers - double check


No comments:

Post a Comment

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...